We're working hard to make Ockam safe and secure for everyone. Thank you for taking the time to responsibly disclose any issues you find.

Ockam is in Developer Preview and in active development. We release a new version every week.

All security bugs in Ockam should be reported by email to security@ockam.io.

This email address is delivered to a small security team. Your email will be acknowledged within 24 hours, and you’ll receive a more detailed response to your email, within 48 hours, indicating the next steps in handling your report.

To avoid having your report lost, amid spam, please be sure to use a descriptive subject line. After the initial reply to your report, the security team will endeavor to keep you informed of the progress being made toward a fix and full announcement. As recommended by RFPolicy, these updates will be sent at least every five days.

If you have not received a reply to your email within 48 hours, or have not heard from the security team for the past five days, please start a discussion.

Please note that the discussion forum is a public area. When escalating at this venue, please do not discuss your issue. Simply say that you’re trying to get a hold of someone from the security team.

Thank you for helping us make Ockam more secure.